Windows 10 Creators Update 1703

[bd139]

Doesn't work. It uses it's own DNS resolution system which is in the guise of "malware prevention" to stop DNS hijackers from preventing windows updates and windows defender updates.

[joeqsmith]

I've continued running the router.  The only change was I enabled the known CDNs for now.  I thought originally it was the tables were too large and complex for the old router, causing some speed problems.  It appears this was not the case and it  was caused from not using the CDNs.

[rdl]

I've seen estimates that Microsoft may have as many as half a million internet connections available to use. It seems like trying to stop their spying by blockading would be useless.

[stj]

maybe you can block port numbers instead?
is m$ using 80/81 or something else?

[Monkeh]

maybe you can block port numbers instead?
is m$ using 80/81 or something else?

WTF would they use 81 for?

If they used a unique port, it'd just be blocked, and.. they'd move to using a port you can't arbitrarily block.

[joeqsmith]

I had started out blocking ports.  They are fine with only these open. 

So blocking every port but 53, 80 and 443 is not good enough.  I need a better router. 

Where's that $450 stripped version of Windows 10 I am hearing about???

I have had Wireshark running and so far nothing new has shown up in the last few days.  For sure you would not want to block individual IPs.   As you can see, I was going for entire ranges (and then some).   My concern is with Microsoft using Akamai's CDM services rather than missing another range owned by Microsoft.  All I can do is monitor it at this point and see if something changes.   

[BrianHG]

I guess shutting down TCPIP-v4&v6.sys, having your own private one in it's place which refuses M$ would also work.

I wonder if something like PeerBlock, with the right table of IP's & ports would do it?
http://peerblock.en.lo4d.com/details

It supposed to intercept right in-between Windows and it's TCPIP.sys

I use it on win7 and it blocks anything I want, coming in or going out.
You can make custom block lists, and ports, enable and disable them in real time...
They claim Win10 support.  However, it loads after windows boots, which means there is a small window of opportunity for windows to contact M$.

[joeqsmith]

I wonder how many third party tools like this broke (or worse report they work and do nothing)  after the recent "updates".   Blocking at the router at least decouples you from the OS.  Not aware of a MS patch that will reFLASH the router, yet anyway.   

[BradC]

Sounds like you need to run windows in a virtual machine on a Linux box. Use the EDA tools on the VM and all the communication stuff on the host machine.

I wont get the gaming performance of my 1080ti then.

Pass it through to the VM.

I understand what you are asking but unless you want to get your hands dirty and learn to write Windows device drivers (and that's a nasty rabbit hole to crawl down), a VM or external firewall is the way to do what you want to do.

[Red Squirrel]

I actually WANT to like windows 10, because 8 was so terrible, but the more I have to work with 10 the more I hate it and the more I'm glad I switched to Linux for my own stuff.

I just hate how the dialogs are so big and flat and almost feel like they are often missing options.  Everything takes up too much space, there's too much white, it's just ugly and annoying to work with.  It also has so many weird quirks and because everything is so dumbed down it's hard to find any way to troubleshoot stuff.  For example I had to troubleshoot a mic issue for a family member.  Just trying to find a basic sound recorder program was like pulling teeth.  The standard start menu is like completely useless, there's no "accessories" folders or anything, everything is just jumbled up together.  Managed to found a recording app but it looks like it was coded by a 3 year old. It has like no features.  I could not even tell if it was recording or not.  Long story short one weird thing about this mic issue is that in the sound properties (after digging a lot to try to even find them) it showed that the mic was picking up sound, it was also set to default, and the only recording device, yet no other programs worked.  I found another section where you have to give permission on a per app bassis, but you were limited by what is in the list.  I had installed Audacity for troubleshooting since that recorder app was garbage, but it did not show up in the list.

Overall I just found the entire experience unintuitive and frustrating.  Never did figure out the issue and just gave up.  On that same person's computer the printer also randomly stopped working. They are pushing all these forced updates and it just breaks everything.

[amspire]

I actually WANT to like windows 10, because 8 was so terrible, but the more I have to work with 10 the more I hate it and the more I'm glad I switched to Linux for my own stuff.

They are all frustrating.

I love Linux, but I have never once been able to successfully been able to do a version upgrade to an Ubuntu derivative without a non-working result. Quite often, the GUI never starts properly after updating. I am sure it works for some people - particularly if they are only using standard applications, but I now have to just clean install for a version upgrade. If you do not update the Linux versions, it usually means you cannot run the latest versions of applications unless you compile them yourself. That could mean you are not getting the latest security updates and bug fixes for applications.

For this reason, I love the idea of the rolling updates - like Arch Linux derivatives - but at some point, the rolling updates will break things. No good for ordinary users. For example, a year or two ago, Samba (Windows network file sharing in Linux) decided to remove functionality from one of their services because they really wanted you to be using a different service to do that job. All of a sudden, perfectly working Windows shares stopped working.

I did suspect that Windows 10 was going to be a 100% rolling update, but now we have discovered that Windows 10 is actually a new Windows version every year. This year, it is TWO new versions (the Fall Creators Edition is coming out this Tuesday I think). I like using WSUSoffline so I can update PC's offline, but with Windows 10, the updates seem to be largely combined in 12 massive files (many 1Gbyte in size), so downloading the latest Windows 10 updates for 32 and 64 bit involves 5 to 10GBytes of downloads.

Why can't Microsoft sell us what we really want - a stable and lean OS that can run programs? Have a much cleaner and faster update process - say like Arch Linux's Pacman. It would be great to have a Windows OS that can be simply set to never talk to anyone on its own accord. I would pay real money for that, but just once. Microsoft no longer want to tolerate users who pay them $100 for an OS and then never give them anything for the next 10 years.

I am still using Windows 8.1. It is better then Windows 7 as long as you configure it right so I don't have to use Metro (except for 1 window). If you like the Windows 7 interface, then the Windows 8.1 desktop is mostly the same, but the differences mostly improve it. I could not use Windows 8.1 "out of the box".  Windows 8.1 will be supported until Jan 2023, but Microsoft have killed my ability to recommend it as they will end non-security updates next year on current Intel processors. 8.1 has over 5 years of life. They are crippling it! 

Just as a guide, here are the current sizes of the WSUSoffline updates (for Win32 and Win64 together):

Windows 7: 5.9Gbytes
Windows 8.1: 7.1Gbytes
Windows 10: 12.2Gbytes

The Windows 7 updates are for 8 years of updates.
The Windows 10 updates are for just over 2 years of updates.

Most of the Windows 10 updates is for functionality that most of us do not need or want.

[joeqsmith]

I assume this is a new feature added to the 1703 that was requested by the masses.   Often now when starting the OS, it kicks off their store.  It's never done this the year prior to the 1703 forced upgrade so I assume it is new.   What's interesting is they start out trying to talk to their servers and all I get is a stupid spinner.   As I continued to monitor the traffic, they seem to switch to Akamai's and get the store to show a LinkedIn ad.   

I left the store application open and changed the router tables to include this entire block.  I then tried to access the store and after several minutes it fails.  So it does appear they will use the CDM for a backup.  Shutting down this block from Akamai did not seem to effect anything else, so far.   

[Red Squirrel]

I actually WANT to like windows 10, because 8 was so terrible, but the more I have to work with 10 the more I hate it and the more I'm glad I switched to Linux for my own stuff.

They are all frustrating.

I love Linux, but I have never once been able to successfully been ably to do a version upgrade to an Ubuntu derivative without a non-working result. Quite often, the GUI never starts properly after updating. I am sure it works for some people - particularly if they are only using standard applications, but I now have to just clean install for a version upgrade. If you do not update the Linux versions, it usually means you cannot run the latest versions of applications unless you compile them yourself. That could mean you are not getting the latest security updates and bug fixes for applications.

For this reason, I love the idea of the rolling updates - like Arch Linux derivatives - but at some point, the rolling updates will break things. No good for ordinary users. For example, a year or two ago, Samba (Windows network file sharing in Linux) decided to remove functionality from one of their services because they really wanted you to be using a different service to do that job. All of a sudden, perfectly working Windows shares stopped working.

I did suspect that Windows 10 was going to be a 100% rolling update, but now we have discovered that Windows 10 is actually a new Windows version every year. This year, it is TWO new versions (the Fall Creators Edition is coming out this Tuesday I think). I like using WSUSoffline so I can update PC's offline, but with Windows 10, the updates seem to be largely combined in 12 massive files (many 1Gbyte in size), so downloading the latest Windows 10 updates for 32 and 64 bit involves 5 to 10GBytes of downloads.

Why can't Microsoft sell us what we really want - a stable and lean OS that can run programs? Have a much cleaner and faster update process - say like Arch Linux's Pacman. It would be great to have a Windows OS that can be simply set to never talk to anyone on its own accord. I would pay real money for that, but just once. Microsoft no longer want to tolerate users who pay them $100 for an OS and then never give them anything for the next 10 years.

I am still using Windows 8.1. It is better then Windows 7 as long as you configure it right so I don't have to use Metro (except for 1 window). If you like the Windows 7 interface, then the Windows 8.1 desktop is mostly the same, but the differences mostly improve it. I could not use Windows 8.1 "out of the box".  Windows 8.1 will be supported until Jan 2023, but Microsoft have killed my ability to recommend it as they will end non-security updates next year on current Intel processors. 8.1 has over 5 years of life. They are crippling it! 

Just as a guide, here are the current sizes of the WSUSoffline updates (for Win32 and Win64 together):

Windows 7: 5.9Gbytes
Windows 8.1: 7.1Gbytes
Windows 10: 12.2Gbytes

The Windows 7 updates are for 8 years of updates.
The Windows 10 updates are for just over 2 years of updates.

Most of the Windows 10 updates is for functionality that most of us do not need or want.

Yeah Linux has it's issues too, one thing that frustrates me the most about it is the permission system especially over networks, it's really not scalable if you want multiple users to be able to have different permission levels.  Ex: I can't imagine trying to manage it in a corporate environment.   That and I hate how UID/GIDs have to match across all systems, that is the stupidest thing. It does not even care about the username/password. There's ways to set it up differently but it's very convoluted and I could not imagine having to go through all those steps on each and every machine, if there was a lot to do. I guess you could script it though... that's where Linux shines, it's easier to automate stuff.

As far as windows 10 rolling updates I can't imagine how messy that is going to get over the years.  Patches on top of patches on top of patches etc... Well, I guess even new releases are basically that.    I don't understand how their OSes are so bloated though.  Like how do you possibly have THAT much more code every time without really having anything to show for it?  It's crazy.   Heck, they even remove stuff.  Like newer versions of windows don't have telnet, and other simple apps like that.  Super annoying.  You can install it, but if I'm troubleshooting something on a computer that's not mine, it's nice if it's already on there.

[SeanB]

Remember Win10 also will use your internet connection as part of a form of bittorrent network to distribute patches and updates ( and who knows what else as well either way) to other machines. Thus best to say the network connection is metered, as that does turn it down a lot.

[Buriedcode]

Remember Win10 also will use your internet connection as part of a form of bittorrent network to distribute patches and updates ( and who knows what else as well either way) to other machines. Thus best to say the network connection is metered, as that does turn it down a lot.

You can turn this off, although I do believe it is on by default.  Like so many annoying things about windows 10, you do have some control over them, you just have to go through the settings to turn off what you don't want/need.  Ads, 'game recommendations', error reporting etc.. can all be turned off, the settings for which are not hidden away.

Whilst I still prefer windows 7 - because as we get older we become more resistant to change - I don't like the idea of running an OS that no longer has support, and still has published vulnerabilities that will never be patched. Look at the regular wave of breaches for XP systems (that still has a significant market share in the UK  - it won't be long before it could happen to 7/8.1

Give it a year, and I'm sure there will be more information about customizing ones OS, optimizing memory usage and size making it more tolerable.

[joeqsmith]

Remember Win10 also will use your internet connection as part of a form of bittorrent network to distribute patches and updates ( and who knows what else as well either way) to other machines. Thus best to say the network connection is metered, as that does turn it down a lot.

You can turn this off, although I do believe it is on by default.

I played around with it when they were pushing the 1703 update, just for the local.  Imagine the security problems if you could not disable it.  Although, I have seen them re-enable features like this that I have disabled.   Take the update service for example.  When I just ran services, it was no longer set to disabled and was running.  I disabled it, again.    

[Buriedcode]

Services will often be re-enabled after an update.  If you defer updates, and allow them to install one by one manually, you can keep track of it.  In some ways this is annoying, as you may have to do this every time, but on the flip side, it is part and parcel of keeping things 'up to date' for security.   I imagine they reset some settings because users may turn off features vital to security, then forget they have done so, leaving themselves open - and of course, if they lose valuable data they will blame the OS, despite the user turning off features designed to prevent that.

[joeqsmith]

To be clear I had disabled the update service after 1703 was installed, after blocking all the ports except for the three listed and after changing the router's tables to basically block all the traffic with Microsoft.   Enabling the auto updates does not seem to do much except generate unanswered traffic.   

[KE5FX]

Why can't Microsoft sell us what we really want - a stable and lean OS that can run programs? Have a much cleaner and faster update process - say like Arch Linux's Pacman. It would be great to have a Windows OS that can be simply set to never talk to anyone on its own accord. I would pay real money for that, but just once. Microsoft no longer want to tolerate users who pay them $100 for an OS and then never give them anything for the next 10 years.

They don't want money.  They've got money.  They want data.  Your data.

It turns out you can have enough money, but you can never have enough data.  Who knew?

[Red Squirrel]

Why can't Microsoft sell us what we really want - a stable and lean OS that can run programs? Have a much cleaner and faster update process - say like Arch Linux's Pacman. It would be great to have a Windows OS that can be simply set to never talk to anyone on its own accord. I would pay real money for that, but just once. Microsoft no longer want to tolerate users who pay them $100 for an OS and then never give them anything for the next 10 years.

They don't want money.  They've got money.  They want data.  Your data.

It turns out you can have enough money, but you can never have enough data.  Who knew?

Pretty much this, data is now worth more than anything now days.  And they know they have most people by the throat and most people are not going to switch to Linux, so they don't really care if they piss off people.  What makes it worse is that the majority of people don't even care and just say "I have nothing to hide" and accept it. 

[rdl]

1. For $20 I may buy one just to see if it actually works.

2. Not interested in untrustworthy cloud anything, but $84 a year? I'm used to buying OEM Windows once and using it for 5 years or more.

For the Windows 10 Pro haters, here are 2 ways to get Windows 10 Enterprise:

1. Get a license key here: https://digitalsguru.myshopify.com/products/windows-10-enterprise-product-key-code-32-64bit-full-version?utm_medium=cpc&utm_source=googlepla&variant=36370201296
It's technically not compliant with EULA since you don't have SA agreement, but from MS activation server's perspective, there's no difference, so as long as you can keep your employees' mouth shut, it should be okay.

2. MS sells a Windows 10 Enterprise as service offering, called Windows 10 Enterprise E3/E5, managed by a MS "trusted" cloud service partner (so the CDP serves as domain controller, and your client computer runs Windows 10 Enterprise client version). This starts from $84 per year.

[BradC]

1. For $20 I may buy one just to see if it actually works.

Before you do that, why not put a KMS server on another PC on your network and install Win 10 Enterprise with a KMS key? That'll get you up, running and activated. Then you can try all the telemetry disabling stuff to see if it's worth spending the $20 to illegitimately get a "legit" key.

[anishkgt]

Sorry to hear Joe.  I use Veracrypt with 1607 and all is well.  WinPE or WinRE don't recognize the Veracrypt bootloader to load 1703 so it falls back on 1607 and prevents the Win10 "upgrade" .

I still get periodic fixes for 1607 layered on Veracrypt.  I would hope by the expiration of support for 1607, 1703 would have all bugs worked out.

Could you please share more on the VeraCypt. I did checkout what it was but since its related to security and encryption, i wish to know more about it. Windows does an encryption app called the BitLocker Drive encryption.

[bd139]

Just a heads up with enterprise edition. It still has baseline security telemetry when everything else is turned off. That means it farts off binaries in your system via windows defender and smart screen randomly.

This is why we’re making steps to kill it. Even via MDM/GPO it can’t meet our security policy.

[rsjsouza]

Why can't Microsoft sell us what we really want - a stable and lean OS that can run programs? Have a much cleaner and faster update process - say like Arch Linux's Pacman. It would be great to have a Windows OS that can be simply set to never talk to anyone on its own accord. I would pay real money for that, but just once. Microsoft no longer want to tolerate users who pay them $100 for an OS and then never give them anything for the next 10 years.

They don't want money.  They've got money.  They want data.  Your data.

It turns out you can have enough money, but you can never have enough data.  Who knew?

Pretty much this, data is now worth more than anything now days.  And they know they have most people by the throat and most people are not going to switch to Linux, so they don't really care if they piss off people.  What makes it worse is that the majority of people don't even care and just say "I have nothing to hide" and accept it.

Quite interesting take indeed. It looks to me that Windows has become a "free" shopping/advertisement platform. I wonder if that is one more nail in the coffin of desktop computing for the common man, given that mobile has been much more prevalent for this audience these days?

One can only wonder...